CVE-2025-36009 — Improper Validation of Specified Quantity in Input in IBM DB2

CWE-1284 — Improper Validation of Specified Quantity in Input CWE-1108 — Excessive Reliance on Global Variables6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 94.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedJan 30

Latest updateJan 31

Description

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/db211.5.0 — 11.5.9+1

🔴Vulnerability Details

GHSA

GHSA-h944-mx2g-43vq: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11↗2026-01-31

▶

CVEList

IBM Db2 Denial of Service↗2026-01-30

▶

OSV

CVE-2025-36009: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use↗2026-01-30

▶

📋Vendor Advisories

Microsoft

ax25: Fix netdev refcount issue↗2024-05-14

▶

🕵️Threat Intelligence

Wiz

CVE-2025-36009 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶